last executing test programs: 935.517547ms ago: executing program 1 (id=2): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0], &(0x7f0000000000)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x1, &(0x7f00000001c0)=[{0x6, 0x0, 0x0, 0xb}]}) socket$tipc(0x1e, 0x5, 0x0) close_range(r2, 0xffffffffffffffff, 0x100000000000000) 533.55487ms ago: executing program 2 (id=7): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000001400000000000000ff000000850000000e000000850000000700000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x18) syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000)) pipe2$9p(&(0x7f00000000c0), 0x0) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x39, 0x0, 0x0) process_madvise(0xffffffffffffffff, 0x0, 0x0, 0x14, 0x0) r1 = socket$kcm(0xa, 0x2, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) sendmsg$sock(r1, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e20, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0) 533.17021ms ago: executing program 2 (id=8): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x18, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'veth0\x00', 0x0}) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4) sendto$packet(r2, &(0x7f00000000c0)="3f03fe7f0302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c153cfdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r3, 0x1, 0x0, 0x6, @multicast}, 0x14) 467.09079ms ago: executing program 0 (id=1): open(&(0x7f0000000000)='./file0\x00', 0x148640, 0x78e22799f4a46f28) pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@msize={'msize', 0x3d, 0x1000}}], [], 0x6b}}) 417.410376ms ago: executing program 2 (id=11): r0 = socket$netlink(0x10, 0x3, 0x7) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000140)={0x0, 0xc, 0x0, 0x0, 0x0, "810000cc2b000000000000fa25ffff00ffffff"}) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000740)=ANY=[@ANYRES16=r0, @ANYRES8=r0, @ANYRESHEX, @ANYRES32=r0, @ANYRES8=r1, @ANYRESHEX=r1], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200000000040000009500"/81], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50) setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000003c0)="322a5f5a12be5019324ccd66e2af60b1fdaca3160d3b8344e7", 0x19) mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000440)=""/173) bind$xdp(0xffffffffffffffff, &(0x7f0000000100)={0x2c, 0x2}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 416.906061ms ago: executing program 3 (id=4): r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e) recvmmsg(r0, &(0x7f0000001b40)=[{{0x0, 0x0, 0x0}, 0x4}], 0x1, 0x40010003, 0x0) sendmmsg(r0, &(0x7f0000000000), 0x276f1, 0x0) 407.536009ms ago: executing program 0 (id=13): openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) r0 = socket(0x40000000015, 0x5, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000540)=@newtaction={0x78, 0x30, 0xb, 0x0, 0x0, {}, [{0x64, 0x1, [@m_ct={0x60, 0x1, 0x0, 0x0, {{0x7}, {0x38, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_LABELS={0x12, 0x7, "4614c334e344ae53204373dc0ddeb17f"}, @TCA_CT_ZONE={0x6, 0x8}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x78}}, 0x0) syz_io_uring_setup(0xed1, &(0x7f00000004c0)={0x0, 0x3c06, 0x10300, 0xfffffffe, 0x59}, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000073"], 0x0, 0x1, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r2}, 0x10) kexec_load(0x0, 0x1, &(0x7f0000000140)=[{0x0, 0x3e00, 0x116094000, 0x41000000}], 0x0) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f000009e000/0x2000)=nil, 0x2000, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000000000000000000000001b5181100003af3e0d189b4f64e6d5f456b6064", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000640)={&(0x7f0000000080)='kfree\x00', r4}, 0x18) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{}, &(0x7f0000000000), &(0x7f00000005c0)=r4}, 0x20) sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="110325bd7000fbdbdf2501"], 0x20}, 0x1, 0x0, 0x0, 0x24000801}, 0x24000010) kexec_load(0x100000001, 0x1, &(0x7f0000000000)=[{&(0x7f0000000300)="558ce20bd075550c766f5c26e4ed6c7a347426aba036731c3584c077d87b79ec26b745df5dbf92c55dfee7010bb9f70a9c07bbd0cb41e9f9800a5427d2ecdaf78ab8e8533792ae2a971c2e315af6f756603e0d7d276bd7256fe3d61a499e039ab52f142ee0efa33b819412223b1b1cfdbb7f37d858d4b3b20b0db6efaae341313db77dd401eae3bebc349f2bc51a7b61cd76229a53b5612c1150bea80f03a9eef9184e1a7a3451eef9", 0xa9, 0x481, 0x1511}], 0x2a0000) r5 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) recvmmsg(r0, &(0x7f0000003ec0)=[{{0x0, 0x0, 0x0}, 0x8000}], 0x1, 0x100, 0x0) 391.034337ms ago: executing program 4 (id=14): ioctl$SIOCGSTAMPNS(0xffffffffffffffff, 0x8907, &(0x7f0000000000)) socket$netlink(0x10, 0x3, 0xc) syz_clone(0x9100000, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffa}]}) capset(&(0x7f0000000380)={0x19980330}, &(0x7f0000000040)={0x200000, 0x40200003, 0x0, 0x6, 0x7}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) shmctl$SHM_LOCK(0x0, 0xb) 313.467401ms ago: executing program 2 (id=15): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000900850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kfree\x00', r1}, 0x10) r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000c00)=ANY=[@ANYBLOB="140100002900010000000000fcdbdf2503"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0) 313.000991ms ago: executing program 4 (id=16): socket$nl_generic(0x10, 0x3, 0x10) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'geneve1\x00', 0x0}) sendto$packet(r1, &(0x7f0000000180)="0b032200e0ff25000200475400f6a13bb1000000080086dd4803", 0x10000, 0x0, &(0x7f0000000140)={0x11, 0x0, r3}, 0x14) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) 312.542581ms ago: executing program 2 (id=17): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x2) io_setup(0x7, &(0x7f0000000280)=0x0) r2 = syz_clone(0x100411, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = eventfd2(0x200, 0x80800) fcntl$setownex(r0, 0xf, &(0x7f00000001c0)={0x0, r2}) io_cancel(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x6, 0x2, 0xffffffffffffffff, &(0x7f00000002c0)="cd9348f81b0a69b2f2dc2f5620695104b9f8c030097aa6f95fb3a1c86d078077ce2f922003f12128dae13fcd178ab14ab009e7e8f9efda9f662153238ce58bdededd9fbfcb1feddb758bb591085aee6f416ec66ddbfb6132cfc62db09d0d91d700e533b7978a74834074789830b817a11720bb63f5edf6e45abe904e7e97c2926f32abf7e9ed16a3f6e7f39e917f5c58d391cad91f5ad1f4ee296450f6902690b5988affe6c57ca18bb075c30f6b51707792ba4531b7b90eddb517b6eaffe8238788c9a032b961fa7978df170947", 0xce, 0x45, 0x0, 0x2, r3}, &(0x7f0000000100)) io_submit(r1, 0x2, &(0x7f0000000b40)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x7, 0x8655, r0, 0x0}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x8, r0, 0x0, 0x0, 0x5, 0x0, 0x6}]) 299.437119ms ago: executing program 3 (id=18): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000004000000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) r1 = syz_io_uring_setup(0x14dd, &(0x7f0000000300)={0x0, 0x5121, 0x0, 0x3, 0x258}, &(0x7f0000000040)=0x0, &(0x7f0000000600)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_SYMLINKAT={0x26, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140)='./file1\x00'}) io_uring_enter(r1, 0x47ba, 0x0, 0x0, 0x0, 0x0) 259.638306ms ago: executing program 4 (id=19): unshare(0x22020400) r0 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x107b42, 0x32) copy_file_range(r0, 0x0, r0, 0x0, 0x9, 0x0) 197.695611ms ago: executing program 4 (id=20): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x7002}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000600)={'pim6reg1\x00', @link_local}) pread64(r0, &(0x7f0000002200)=""/89, 0x59, 0x10000) 152.360966ms ago: executing program 3 (id=21): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x80042, 0x1bd) close(r0) bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b000000000000000000000000800000000008"], 0x48) mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x4008, &(0x7f00000000c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=']) 129.08668ms ago: executing program 4 (id=22): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x0, 0x22c7, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x27, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = socket$igmp6(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC(r2, 0x29, 0x22, &(0x7f0000000080)={{0xa, 0x4e24, 0x101, @empty}, {0xa, 0x4e22, 0x0, @dev}, 0x0, {[0x0, 0x0, 0x0, 0x0, 0x899, 0x1]}}, 0x5c) 82.473216ms ago: executing program 4 (id=23): bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000880)={0x40, 0xd, 0xa, 0x801, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "ffd7"}]}]}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000805}, 0x8000) mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000002c0000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x62, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r4}, 0x10) r5 = io_uring_setup(0xaae, &(0x7f0000000080)={0x0, 0xffffeffa, 0x800, 0x7, 0x2}) io_uring_register$IORING_REGISTER_BUFFERS(r5, 0x0, &(0x7f0000000300)=[{&(0x7f0000007900)=""/4095, 0xfff}], 0x1) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x10) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f00000007c0)={[{@nodioread_nolock}, {@errors_remount}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5a}}, {@nouid32}, {@resgid}, {@acl}, {@init_itable_val={'init_itable', 0x3d, 0x3}}]}, 0x1, 0x46f, &(0x7f0000000bc0)="$eJzs281rHOUfAPDvTF7a/vqS/Gp9aa0aLUJQTJq0ag9eFAWRioIe6jEm2xK6baSJYmuxqYgnQQp6Fo+if4E3EUQ9CV49eZJC0V7aeorM7Ey62WYTazaZ2P18YLPPM/PszvebeXv2eXYD6FpD2Z8kYkdE/BoRA43q0gZDjafrV89P3rh6fjKJhYXX/kjydteunp8sm5av215UhtOI9MOk2MhSs2fPnZyo12tnivro3Km3RmfPnnvinVMTJ2onaqfHjxw5fGjs6afGn+xInlle1/a9P7N/74tvXHp58tilN3/8Oot3R7G+OY9OGcoS/3Mh17ru0U5vrGI7m8pJb4WBcFt6IiLbXX35+T8QPXFz5w3ECx9UGhywrrJ705b2q+cXgDtYElVHAFSjvNFnn3/LxwZ1PTaFK882PgBleV8vHo01vZEWbfpaPt920lBEHJv/6/PsEes0DgEA0Ozjyc+O9kfEeze+einrewwsrknjnvz5t/zvrmIOZTAi/h8RuyPirojYExF3R+Rt742I+9YYz639n/TyGt9yRVn/75libmtp/6/s/cVgT1HbmefflxyfrtcOFv+T4ejbktXHVtjGt8//8km7dc39v+yRbb/sCxZxXO5tGaCbmpibyDulHXDlYsS+3uXyTxZnApKI2BsR+27vrXeVhenHvtzfrtHq+a+gA/NMC19k6c1n+c9HS/6lpHl+cvqW+cnRrVGvHRwtj4pb/fTzR6+22/6a8u+AK7XGc9P+b20ymDTP1852dvv/8vhP+5PX83nm/mLZuxNzc2fGIvqTo3l9yfLxm68t62X77PgfPrD8+b+7eE2W//0RkR3ED0TEgxHxUBH7wxHxSEQcWCHHH55bPf9IK9r/FyOmlr3+LR7/Lfv/9gs9J7//pt32/9n+P5yXhosl+fVvFcuFk10uWgNcy/8OAAAA/ivS/DvwSTqyWE7TkZHGd/j3xP/S+szs3OPHZ94+PdX4rvxg9KXlSNdAMR5an67XxpL54h0b46PjxVhxOV56qBg3/rRnW14fmZypT1WcO3S77W3O/8zvPVVHB6yzbcsuHe/f8ECACrTOo6dLqxdeCRcDuFP5vTZ0r1XO/3Sj4gA2nvs/dK/lzv8LLXVzAXBncv+H7uX8hy6Vfld1BECF3P+hK63ld/3rWNi6OcKoprBZd0peiCgL6aaIR2GdClVfmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADrj7wAAAP//KFzmgQ==") 80.928928ms ago: executing program 3 (id=24): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) close(r2) 9.737528ms ago: executing program 3 (id=25): sendmsg$IEEE802154_ASSOCIATE_REQ(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x2c, 0x0, 0x1, 0x70bd25, 0x25dfdbff, {}, [@IEEE802154_ATTR_COORD_PAN_ID={0x6, 0xa, 0x1}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xaaa2}, @IEEE802154_ATTR_CHANNEL={0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4040000}, 0x44) r0 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) ioctl$LOOP_SET_STATUS64(r0, 0xc0c0128e, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x4, 0x2ac, 0x0, 0x0, 0x15, 0x19, "8975301576b0cf0900245518580ce0c8bf604cca41f31c108938fcfa393edb69e0bcff0f0000000000000900000000000000d0f08e8ad896ba67a00973defa00", "8b609009aaa722681a1e2513d754f688a9e306ee1dba533f02e1b69da6e26ec889fee41b80000827cc7d24fdc26f2395d702020000e4b8fb1703e47463b969e4", "ca1bf5ff2b4a000000000000008218040000db00", [0xc, 0xfffffffffffffffd]}) 9.218558ms ago: executing program 2 (id=26): r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$UHID_CREATE(r0, &(0x7f0000000a00)={0x0, {'syz0\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000940)=""/3, 0x3, 0x2, 0x4, 0x1000000, 0x0, 0xc08}}, 0x120) readv(r0, &(0x7f00000007c0)=[{&(0x7f0000000080)=""/149, 0x95}, {0x0}], 0x2) readv(r0, &(0x7f0000000040)=[{&(0x7f0000000240)=""/231, 0xe7}], 0x1) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x40f00}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x2c, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x18, 0x2000000000000299, &(0x7f0000000180)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x7, 0x0, 0x0, 0x40e00, 0xc, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000005c0)='kmem_cache_free\x00', r4}, 0x18) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000080)={@local, @multicast1}, &(0x7f00000001c0)=0xc) bpf$PROG_LOAD(0x5, 0x0, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000011c0)={0x11, 0x8, &(0x7f0000000480)=ANY=[@ANYRES64], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94) r6 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a32000000000800410073697700140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x810) sendmsg$RDMA_NLDEV_CMD_DELLINK(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYBLOB="18000000041401002dbd7000fedbdf250800010000000000ba30b28e994c1a08d1ca4eb6b8b4889cdd4e786eb807e04eb88b935d785f3d3201c58033"], 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000400)='mm_collapse_huge_page_swapin\x00', r5, 0x0, 0x7}, 0x18) r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000010c0)=ANY=[@ANYRES32=r7, @ANYRES32, @ANYBLOB='8\x00\x00\x00 \x00\x00', @ANYRES32, @ANYBLOB="ee28d4f7ecfb1e0748d346a3d40a9b39424e6e9a1a5a7f40d77e47a5cf70c04a067b0608a99d04edf7df60d99996362161165f8e7c939172923e136a71cca6c2aa6cbfe1c77633780b320694cac7ab0bcd09843cde4fcabb81a8da07e67b724371ad70bb7b52c47e18ca3628db6c7a8a43dde91ccb5b232b768880b8484b147c1112affb02b252e54a8ce14111007195cf14dcd7b0b7cf06a2be38a3c0f7aa668ecf7d2eb78f60925cdde56878966049e5387d060000000000000080524311a744c82e163470637e7dea2bd760db4f294d83cf", @ANYRES8=r3, @ANYBLOB, @ANYRES64], 0x20) bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x9, 0x0, 0x1, 0xffffffff, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x3, 0x3}, 0x50) write$UHID_DESTROY(r0, &(0x7f0000000200), 0x4) 8.832555ms ago: executing program 1 (id=27): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x18, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) syz_emit_ethernet(0x3e, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000010) r2 = io_uring_setup(0x6ed5, &(0x7f00000002c0)={0x0, 0xa4d5, 0x2, 0x4, 0x172}) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) listen(r3, 0xfffffffc) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) sendmsg$rds(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/44, 0x2c}], 0x1, 0x0, 0x0, 0x840}, 0x4004080) close_range(r2, 0xffffffffffffffff, 0x0) 0s ago: executing program 3 (id=28): pipe2$9p(0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x94) syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb86dd6000000000142c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa0600ff"], 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ec}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000080)={r1, 0x0, 0x2d, 0x0, @val=@netfilter={0xa, 0x1, 0x353a, 0x1}}, 0x20) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000002c0)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff6, 0x0, 0x0, 0x10, 0x3}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0xffffffffffffff62, &(0x7f0000000000)="ff", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe, 0x7000000}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r3}, 0x10) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.54' (ED25519) to the list of known hosts. [ 32.112621][ T6562] cgroup: Unknown subsys name 'net' [ 32.212275][ T6562] cgroup: Unknown subsys name 'cpuset' [ 32.214889][ T6562] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 32.380489][ T6562] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS [ 34.934205][ T6584] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 34.945324][ T6579] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 34.946230][ T6579] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 34.946506][ T6579] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 34.946917][ T6579] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 34.947245][ T6579] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 34.947515][ T6579] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 34.947768][ T6579] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 34.947998][ T6579] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 34.948232][ T6579] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 34.948516][ T6579] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 34.948797][ T6579] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 34.949435][ T6579] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 34.949985][ T6579] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 34.950438][ T6579] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 34.951503][ T6579] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 34.952191][ T6579] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 34.952774][ T6579] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 34.953244][ T6579] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 34.953492][ T6579] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 34.955805][ T6579] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 34.956051][ T6579] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 34.956246][ T6579] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 34.958930][ T6579] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 34.967869][ T6579] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 35.153892][ T6572] chnl_net:caif_netlink_parms(): no params data found [ 35.184951][ T6576] chnl_net:caif_netlink_parms(): no params data found [ 35.191670][ T6580] chnl_net:caif_netlink_parms(): no params data found [ 35.211839][ T6578] chnl_net:caif_netlink_parms(): no params data found [ 35.237625][ T6573] chnl_net:caif_netlink_parms(): no params data found [ 35.289854][ T6572] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.291611][ T6572] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.293018][ T6572] bridge_slave_0: entered allmulticast mode [ 35.294697][ T6572] bridge_slave_0: entered promiscuous mode [ 35.296854][ T6580] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.296947][ T6580] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.297016][ T6580] bridge_slave_0: entered allmulticast mode [ 35.297431][ T6580] bridge_slave_0: entered promiscuous mode [ 35.319312][ T6580] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.319366][ T6580] bridge0: port 2(bridge_slave_1) entered disabled state [ 35.319424][ T6580] bridge_slave_1: entered allmulticast mode [ 35.319873][ T6580] bridge_slave_1: entered promiscuous mode [ 35.320452][ T6572] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.320493][ T6572] bridge0: port 2(bridge_slave_1) entered disabled state [ 35.320560][ T6572] bridge_slave_1: entered allmulticast mode [ 35.321488][ T6572] bridge_slave_1: entered promiscuous mode [ 35.327467][ T6576] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.327485][ T6576] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.327531][ T6576] bridge_slave_0: entered allmulticast mode [ 35.327943][ T6576] bridge_slave_0: entered promiscuous mode [ 35.328663][ T6576] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.328681][ T6576] bridge0: port 2(bridge_slave_1) entered disabled state [ 35.328748][ T6576] bridge_slave_1: entered allmulticast mode [ 35.329144][ T6576] bridge_slave_1: entered promiscuous mode [ 35.350152][ T6576] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 35.351366][ T6576] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 35.360463][ T6578] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.361406][ T6578] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.361490][ T6578] bridge_slave_0: entered allmulticast mode [ 35.362095][ T6578] bridge_slave_0: entered promiscuous mode [ 35.377314][ T6580] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 35.377455][ T6578] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.377487][ T6578] bridge0: port 2(bridge_slave_1) entered disabled state [ 35.377537][ T6578] bridge_slave_1: entered allmulticast mode [ 35.377983][ T6578] bridge_slave_1: entered promiscuous mode [ 35.379166][ T6572] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 35.385774][ T6576] team0: Port device team_slave_0 added [ 35.386635][ T6576] team0: Port device team_slave_1 added [ 35.386755][ T6573] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.388774][ T6573] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.389998][ T6573] bridge_slave_0: entered allmulticast mode [ 35.391652][ T6573] bridge_slave_0: entered promiscuous mode [ 35.394437][ T6580] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 35.395694][ T6572] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 35.403189][ T6573] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.404442][ T6573] bridge0: port 2(bridge_slave_1) entered disabled state [ 35.405627][ T6573] bridge_slave_1: entered allmulticast mode [ 35.407263][ T6573] bridge_slave_1: entered promiscuous mode [ 35.419440][ T6578] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 35.420401][ T6578] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 35.435442][ T6576] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 35.435465][ T6576] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 35.435479][ T6576] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 35.447378][ T6580] team0: Port device team_slave_0 added [ 35.448782][ T6572] team0: Port device team_slave_0 added [ 35.449471][ T6576] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 35.449482][ T6576] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 35.449497][ T6576] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 35.452242][ T6578] team0: Port device team_slave_0 added [ 35.454027][ T6573] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 35.455374][ T6580] team0: Port device team_slave_1 added [ 35.456392][ T6572] team0: Port device team_slave_1 added [ 35.459695][ T6578] team0: Port device team_slave_1 added [ 35.461448][ T6573] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 35.485305][ T6572] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 35.485340][ T6572] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 35.485358][ T6572] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 35.495842][ T6580] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 35.495864][ T6580] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 35.495876][ T6580] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 35.497000][ T6573] team0: Port device team_slave_0 added [ 35.497768][ T6573] team0: Port device team_slave_1 added [ 35.506640][ T6572] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 35.506661][ T6572] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 35.506677][ T6572] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 35.514572][ T6578] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 35.515781][ T6578] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 35.519646][ T6578] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 35.522025][ T6580] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 35.522049][ T6580] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 35.522066][ T6580] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 35.532958][ T6576] hsr_slave_0: entered promiscuous mode [ 35.533335][ T6576] hsr_slave_1: entered promiscuous mode [ 35.533902][ T6578] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 35.533912][ T6578] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 35.533926][ T6578] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 35.538489][ T6573] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 35.538497][ T6573] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 35.538508][ T6573] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 35.551309][ T6573] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 35.551337][ T6573] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 35.551350][ T6573] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 35.563414][ T6578] hsr_slave_0: entered promiscuous mode [ 35.564793][ T6578] hsr_slave_1: entered promiscuous mode [ 35.566036][ T6578] debugfs: 'hsr0' already exists in 'hsr' [ 35.567142][ T6578] Cannot create hsr debugfs directory [ 35.583845][ T6572] hsr_slave_0: entered promiscuous mode [ 35.584198][ T6572] hsr_slave_1: entered promiscuous mode [ 35.584404][ T6572] debugfs: 'hsr0' already exists in 'hsr' [ 35.584415][ T6572] Cannot create hsr debugfs directory [ 35.603569][ T6580] hsr_slave_0: entered promiscuous mode [ 35.604938][ T6580] hsr_slave_1: entered promiscuous mode [ 35.606103][ T6580] debugfs: 'hsr0' already exists in 'hsr' [ 35.607084][ T6580] Cannot create hsr debugfs directory [ 35.625177][ T6573] hsr_slave_0: entered promiscuous mode [ 35.625849][ T6573] hsr_slave_1: entered promiscuous mode [ 35.626061][ T6573] debugfs: 'hsr0' already exists in 'hsr' [ 35.626072][ T6573] Cannot create hsr debugfs directory [ 35.765265][ T6576] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 35.768947][ T6576] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 35.778542][ T6576] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 35.781524][ T6576] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 35.790549][ T6578] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 35.795950][ T6578] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 35.798763][ T6578] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 35.801529][ T6578] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 35.819868][ T6576] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.819917][ T6576] bridge0: port 2(bridge_slave_1) entered forwarding state [ 35.820091][ T6576] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.820121][ T6576] bridge0: port 1(bridge_slave_0) entered forwarding state [ 35.834420][ T6580] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 35.843605][ T6580] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 35.848286][ T6578] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.848324][ T6578] bridge0: port 2(bridge_slave_1) entered forwarding state [ 35.848402][ T6578] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.848430][ T6578] bridge0: port 1(bridge_slave_0) entered forwarding state [ 35.856201][ T6580] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 35.859234][ T6580] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 35.873758][ T6576] 8021q: adding VLAN 0 to HW filter on device bond0 [ 35.879182][ T6572] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 35.888053][ T4190] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.889390][ T4190] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.890581][ T4190] bridge0: port 2(bridge_slave_1) entered disabled state [ 35.892784][ T4190] bridge0: port 2(bridge_slave_1) entered disabled state [ 35.900357][ T6572] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 35.903095][ T6572] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 35.905576][ T6572] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 35.917196][ T6576] 8021q: adding VLAN 0 to HW filter on device team0 [ 35.934282][ T41] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.934329][ T41] bridge0: port 1(bridge_slave_0) entered forwarding state [ 35.953094][ T6573] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 35.955487][ T6573] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 35.963341][ T5496] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.963378][ T5496] bridge0: port 2(bridge_slave_1) entered forwarding state [ 35.966375][ T6573] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 35.976705][ T6573] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 35.989175][ T6576] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 35.989221][ T6576] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 36.008310][ T6572] 8021q: adding VLAN 0 to HW filter on device bond0 [ 36.020077][ T6578] 8021q: adding VLAN 0 to HW filter on device bond0 [ 36.026083][ T6580] 8021q: adding VLAN 0 to HW filter on device bond0 [ 36.052918][ T6572] 8021q: adding VLAN 0 to HW filter on device team0 [ 36.061900][ T6578] 8021q: adding VLAN 0 to HW filter on device team0 [ 36.063059][ T6580] 8021q: adding VLAN 0 to HW filter on device team0 [ 36.074769][ T1822] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.074815][ T1822] bridge0: port 1(bridge_slave_0) entered forwarding state [ 36.075557][ T1822] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.075573][ T1822] bridge0: port 2(bridge_slave_1) entered forwarding state [ 36.084834][ T1822] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.084874][ T1822] bridge0: port 1(bridge_slave_0) entered forwarding state [ 36.095059][ T1822] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.095100][ T1822] bridge0: port 1(bridge_slave_0) entered forwarding state [ 36.103237][ T1822] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.103279][ T1822] bridge0: port 2(bridge_slave_1) entered forwarding state [ 36.116444][ T6573] 8021q: adding VLAN 0 to HW filter on device bond0 [ 36.132365][ T41] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.132408][ T41] bridge0: port 2(bridge_slave_1) entered forwarding state [ 36.149102][ T6576] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 36.163891][ T6573] 8021q: adding VLAN 0 to HW filter on device team0 [ 36.172387][ T6578] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 36.178497][ T807] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.178537][ T807] bridge0: port 1(bridge_slave_0) entered forwarding state [ 36.188056][ T6580] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 36.190307][ T5496] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.190361][ T5496] bridge0: port 2(bridge_slave_1) entered forwarding state [ 36.225426][ T6576] veth0_vlan: entered promiscuous mode [ 36.227179][ T6576] veth1_vlan: entered promiscuous mode [ 36.238452][ T6573] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 36.253644][ T6576] veth0_macvtap: entered promiscuous mode [ 36.254711][ T6576] veth1_macvtap: entered promiscuous mode [ 36.275722][ T6576] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 36.280248][ T6576] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 36.284917][ T376] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.286538][ T376] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.287970][ T376] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.290325][ T376] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.294667][ T6578] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 36.372633][ T4190] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 36.372663][ T4190] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 36.378967][ T6578] veth0_vlan: entered promiscuous mode [ 36.384632][ T6572] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 36.390844][ T6578] veth1_vlan: entered promiscuous mode [ 36.402142][ T6573] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 36.403305][ T4190] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 36.403320][ T4190] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 36.407246][ T6580] veth0_vlan: entered promiscuous mode [ 36.436080][ T6580] veth1_vlan: entered promiscuous mode [ 36.445398][ T6578] veth0_macvtap: entered promiscuous mode [ 36.446530][ T6578] veth1_macvtap: entered promiscuous mode [ 36.448507][ T6572] veth0_vlan: entered promiscuous mode [ 36.453708][ T6572] veth1_vlan: entered promiscuous mode [ 36.458148][ T6576] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 36.462875][ T6580] veth0_macvtap: entered promiscuous mode [ 36.477521][ T6578] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 36.478470][ T6578] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 36.479970][ T4190] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.493212][ T4190] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.493499][ T4190] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.493521][ T4190] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.498301][ T6573] veth0_vlan: entered promiscuous mode [ 36.500827][ T31] audit: type=1326 audit(36.480:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6685 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff7e95b9e8 code=0x7ffc0000 [ 36.501293][ T31] audit: type=1326 audit(36.490:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6685 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff7e95b9e8 code=0x7ffc0000 [ 36.501609][ T31] audit: type=1326 audit(36.490:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6685 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff7e95b9e8 code=0x7ffc0000 [ 36.502759][ T31] audit: type=1326 audit(36.490:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6685 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff7e95b9e8 code=0x7ffc0000 [ 36.502841][ T31] audit: type=1326 audit(36.490:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6685 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff7e95b9e8 code=0x7ffc0000 [ 36.503054][ T31] audit: type=1326 audit(36.490:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6685 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff7e95b9e8 code=0x7ffc0000 [ 36.503115][ T31] audit: type=1326 audit(36.490:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6685 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff7e95b9e8 code=0x7ffc0000 [ 36.503329][ T31] audit: type=1326 audit(36.490:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6685 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff7e95b9e8 code=0x7ffc0000 [ 36.503401][ T31] audit: type=1326 audit(36.490:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6685 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff7e95b9e8 code=0x7ffc0000 [ 36.503580][ T31] audit: type=1326 audit(36.490:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6685 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff7e95b9e8 code=0x7ffc0000 [ 36.534542][ T6580] veth1_macvtap: entered promiscuous mode [ 36.548026][ T6580] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 36.555560][ T6573] veth1_vlan: entered promiscuous mode [ 36.558104][ T6580] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 36.575036][ T41] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.578700][ T41] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.579000][ T41] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.579030][ T41] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.592807][ T6572] veth0_macvtap: entered promiscuous mode [ 36.607341][ T41] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 36.607381][ T41] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 36.614593][ T6572] veth1_macvtap: entered promiscuous mode [ 36.630558][ T5496] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 36.630589][ T5496] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 36.668968][ T5496] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 36.669000][ T5496] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 36.673176][ T6573] veth0_macvtap: entered promiscuous mode [ 36.684989][ T6572] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 36.702200][ T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 36.702235][ T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 36.706192][ T6572] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 36.710360][ T6573] veth1_macvtap: entered promiscuous mode [ 36.724422][ T807] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.725805][ T807] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.726005][ T807] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.726089][ T807] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.759637][ T6573] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 36.777360][ T6573] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 36.785491][ T807] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.785535][ T807] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.785553][ T807] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.785570][ T807] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.803321][ T807] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 36.803356][ T807] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 36.840195][ T376] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 36.840230][ T376] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 36.898719][ T5496] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 36.898975][ T5496] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 36.925487][ T3857] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 36.925521][ T3857] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 36.962853][ T6579] Bluetooth: hci0: command tx timeout [ 36.967940][ T6707] tmpfs: Bad value for 'mpol' [ 37.031314][ T6716] capability: warning: `syz.4.14' uses 32-bit capabilities (legacy support in use) [ 37.041096][ T6579] Bluetooth: hci3: command tx timeout [ 37.041282][ T6177] Bluetooth: hci1: command tx timeout [ 37.041427][ T6177] Bluetooth: hci2: command tx timeout [ 37.041542][ T6586] Bluetooth: hci4: command tx timeout [ 37.084903][ T6724] netlink: 256 bytes leftover after parsing attributes in process `syz.2.15'. [ 37.147499][ T6727] serio: Serial port ptm1 [ 37.280005][ T6727] serio: Serial port ptm1 [ 37.299906][ T6736] 9p: Bad value for 'wfdno' [ 37.392930][ T6740] loop4: detected capacity change from 0 to 512 [ 37.414131][ T6629] hid-generic 0002:0004:1000000.0001: unknown main item tag 0x0 [ 37.415696][ T6629] hid-generic 0002:0004:1000000.0001: unknown main item tag 0x0 [ 37.416925][ T6629] hid-generic 0002:0004:1000000.0001: unknown main item tag 0x0 [ 37.423742][ T6629] hid-generic 0002:0004:1000000.0001: hidraw0: HID v0.00 Device [syz0] on syz1 [ 37.432227][ T6740] ------------[ cut here ]------------ [ 37.432255][ T6740] EA inode 11 i_nlink=2 [ 37.433367][ T6740] WARNING: fs/ext4/xattr.c:1058 at ext4_xattr_inode_update_ref+0x444/0x44c, CPU#0: syz.4.23/6740 [ 37.435629][ T6740] Modules linked in: [ 37.436216][ T6740] CPU: 0 UID: 0 PID: 6740 Comm: syz.4.23 Not tainted syzkaller #0 PREEMPT [ 37.437453][ T6740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 37.438907][ T6740] pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) [ 37.440009][ T6740] pc : ext4_xattr_inode_update_ref+0x444/0x44c [ 37.441002][ T6740] lr : ext4_xattr_inode_update_ref+0x444/0x44c [ 37.441963][ T6740] sp : ffff8000a0de6cc0 [ 37.442583][ T6740] x29: ffff8000a0de6d70 x28: 0000000000000000 x27: 1fffe0001a0fddcd [ 37.443786][ T6740] x26: dfff800000000000 x25: ffff8000a0de6ce0 x24: ffff7000141bcd9c [ 37.445016][ T6740] x23: ffff800092e86000 x22: ffff0000d07eecb8 x21: 0000000000000002 [ 37.446311][ T6740] x20: 0000000000000001 x19: ffff0000d07eec78 x18: 00000000ffffffff [ 37.447576][ T6740] x17: 0000000000000000 x16: ffff800082e5c71c x15: 0000000000000001 [ 37.448790][ T6740] x14: 1fffe0001a8f8690 x13: 0000000000000000 x12: 0000000000000000 [ 37.450033][ T6740] x11: 0000000000080000 x10: 0000000000000003 x9 : 458bff57c1799400 [ 37.451305][ T6740] x8 : 458bff57c1799400 x7 : ffff80008049e510 x6 : 0000000000000000 [ 37.452662][ T6740] x5 : 0000000000000001 x4 : 0000000000000001 x3 : ffff80008048fef4 [ 37.453881][ T6740] x2 : 0000000000000001 x1 : ffff80008b5a9be0 x0 : 0000000000000001 [ 37.455133][ T6740] Call trace: [ 37.455652][ T6740] ext4_xattr_inode_update_ref+0x444/0x44c (P) [ 37.456610][ T6740] ext4_xattr_set_entry+0x928/0x15c0 [ 37.457470][ T6740] ext4_xattr_ibody_set+0x204/0x5fc [ 37.458249][ T6740] ext4_expand_extra_isize_ea+0xf00/0x1830 [ 37.459131][ T6740] __ext4_expand_extra_isize+0x2a0/0x37c [ 37.459992][ T6740] __ext4_mark_inode_dirty+0x3a8/0x6fc [ 37.460762][ T6740] ext4_evict_inode+0x8dc/0x1058 [ 37.461479][ T6740] evict+0x4e0/0xa74 [ 37.462037][ T6740] iput+0xc54/0xfdc [ 37.462631][ T6740] ext4_process_orphan+0x240/0x2b4 [ 37.463364][ T6740] ext4_orphan_cleanup+0x930/0x107c [ 37.464241][ T6740] ext4_fill_super+0x47e8/0x4f5c [ 37.464975][ T6740] get_tree_bdev_flags+0x360/0x414 [ 37.465735][ T6740] get_tree_bdev+0x2c/0x3c [ 37.466415][ T6740] ext4_get_tree+0x28/0x38 [ 37.467102][ T6740] vfs_get_tree+0x90/0x28c [ 37.467705][ T6740] do_new_mount+0x284/0x944 [ 37.468406][ T6740] path_mount+0x5b4/0xdfc [ 37.469049][ T6740] __arm64_sys_mount+0x3e8/0x468 [ 37.469799][ T6740] invoke_syscall+0x98/0x254 [ 37.470512][ T6740] el0_svc_common+0xe8/0x23c [ 37.471229][ T6740] do_el0_svc+0x48/0x58 [ 37.471851][ T6740] el0_svc+0x5c/0x26c [ 37.472467][ T6740] el0t_64_sync_handler+0x84/0x12c [ 37.473233][ T6740] el0t_64_sync+0x198/0x19c [ 37.473880][ T6740] irq event stamp: 11016 [ 37.474523][ T6740] hardirqs last enabled at (11015): [] finish_lock_switch+0xb0/0x1c0 [ 37.476075][ T6740] hardirqs last disabled at (11016): [] el1_brk64+0x20/0x54 [ 37.477394][ T6740] softirqs last enabled at (10572): [] handle_softirqs+0xaf8/0xc88 [ 37.478853][ T6740] softirqs last disabled at (10389): [] __do_softirq+0x14/0x20 [ 37.480189][ T6740] ---[ end trace 0000000000000000 ]--- [ 37.514313][ T6740] EXT4-fs error (device loop4): ext4_xattr_inode_iget:441: inode #18: comm syz.4.23: iget: bad extra_isize 90 (inode size 256) [ 37.515127][ T6740] EXT4-fs (loop4): Remounting filesystem read-only [ 37.515257][ T6740] EXT4-fs warning (device loop4): ext4_evict_inode:273: xattr delete (err -30) [ 37.515362][ T6740] EXT4-fs (loop4): 1 orphan inode deleted [ 37.515842][ T6740] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 37.533622][ T6753] lo speed is unknown, defaulting to 1000 [ 37.533972][ T6753] lo speed is unknown, defaulting to 1000 [ 37.535532][ T6753] lo speed is unknown, defaulting to 1000 [ 37.541637][ T6753] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 37.554393][ T6753] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 37.598773][ T6753] lo speed is unknown, defaulting to 1000 [ 37.599357][ T6753] lo speed is unknown, defaulting to 1000 [ 37.617513][ T6580] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 37.618821][ T6753] lo speed is unknown, defaulting to 1000 [ 37.619179][ T6753] lo speed is unknown, defaulting to 1000 [ 37.619947][ T6753] lo speed is unknown, defaulting to 1000 [ 39.041088][ T6579] Bluetooth: hci0: command tx timeout [ 39.120933][ T6579] Bluetooth: hci3: command tx timeout [ 39.130980][ T6587] Bluetooth: hci1: command tx timeout [ 39.132491][ T6579] Bluetooth: hci4: command tx timeout [ 39.132493][ T6586] Bluetooth: hci2: command tx timeout [ 41.120949][ T6579] Bluetooth: hci0: command tx timeout [ 41.201003][ T6579] Bluetooth: hci2: command tx timeout [ 41.201040][ T6579] Bluetooth: hci1: command tx timeout [ 41.201063][ T6579] Bluetooth: hci4: command tx timeout [ 41.201079][ T6579] Bluetooth: hci3: command tx timeout [ 43.210892][ T6586] Bluetooth: hci0: command tx timeout [ 43.280929][ T6586] Bluetooth: hci3: command tx timeout [ 43.280959][ T6579] Bluetooth: hci4: command tx timeout [ 43.280984][ T6579] Bluetooth: hci2: command tx timeout [ 43.280998][ T6587] Bluetooth: hci1: command tx timeout